G-TAC Software developed FolderSecurityViewer, a lightweight Windows desktop application that makes analyzing and reporting on NTFS file and folder permissions a snap. The product is available as a free trial.

Here's the situation: your organization needs to certify with an international security compliance standard, and you're frustrated with the Windows Server built-in tools for analyzing NTFS effective permissions and determining resource ownership.

For example, the Effective Access tab in Windows Server requires quite a bit of navigation even to get to:

right-click a folder and select Properties

navigate to the Security tab and click Advanced

navigate to the Effective Access tab and select a user

select a device and click View effective access

Viewing effective access in Windows Server 2016

Whew--that's a lot of work. Windows doesn't let you easily print those results, and you're in for a lot of clicking if you need to review dozens of folders.

To that end, the Germany-based independent software vendor (ISV) G-TAC Software saw this situation as an opportunity to develop an easy-to-use front end for inspecting and reporting on NTFS permissions. Their product is FolderSecurityViewer, and I'd like to show it to you now.

G-TAC offers a 14-day trial version that, sadly, is feature-limited. It took me all of 20 seconds to install FolderSecurityViewer on one of my Windows Server virtual machines. Supported Windows versions are Windows 7 through Windows 10, and Windows Server 2008 through Windows Server 2012. The software worked fine for me on Windows Server 2016.

Here are the other installation requirements:

You must run the software as an administrator.

File servers you wish to analyze must be members of an Active Directory Domain Services (AD DS) domain.

Specifically, FolderSecurityViewer is a Windows Presentation Foundation (WPF) desktop application that requires no external database connection. (G-TAC plans to add this functionality to the Company and Enterprise Editions later this year.) Note that you don't have to install the tool on all your file servers. You simply install FolderSecurityViewer on your administrative workstation and you can then analyze the shares of an unlimited number of servers.

That said, open the tool and click Settings to review customizable options. For example, the following screenshot shows that we can limit FolderSecurityViewer to a particular scan depth to enhance performance. You can also customize which Active Directory user properties to display in output.

Use the Folders tree to find a folder you want to analyze. Next, right-click the object and select Trustees Report from the shortcut menu. I show you this in the next figure.

Viewing folder trustees

In FolderSecurityViewer nomenclature, trustees are Active Directory user accounts that appear on an object's NTFS discretionary access control list (DACL). In the example above, my Tim account has Full Control access to the AD-Scripts folder, and the user Pat Stroh has Read access.

If you want to see the folder's ACL from Windows' perspective, click Access Control List in the FolderSecurityViewer interface. The following figure shows all access control entries (ACEs), including AD groups and system identities.

Viewing the Windows DACL

NOTE: G-TAC chose the software's name FolderSecurityViewer intentionally. That is because you cannot modify NTFS permissions in any way. Instead, this is purely an analysis and reporting tool.

Now navigate to the Folder Report tab. This lists metadata statistics, including owner, file count, and size for the current folder as well as for nested subfolders. Here is that view:

FolderSecurityViewer folder report

In summary, you can use FolderSecurityViewer to scan folder hierarchies quickly to answer security-related questions such as:

Do any users have access to these resources they shouldn't have access to in the first place?

Which users have too many or too few permissions to a given resource?

Where are there permission-inheritance conflicts that may prevent legitimate users from accessing resources?

In FolderSecurityViewer, select a folder in the Folders view. Next, change the view to Users & Groups. Browse your Active Directory domain in the tree view and identify a user to inspect. Last, right-click the user and select Show Owner Report from the shortcut menu.

Viewing the owner report

Being able to identify resource owners easily is valuable to Windows systems administrators because we can isolate the source of resource access problems. We can also find all the resources owned by, say, users the company no longer employs. You then have the information you need to take ownership of the resources and potentially reset NTFS permissions.

You can find permissions differences between a higher-level folder and a subfolder. With deeply nested folder hierarchies, this can save significant time. In FolderSecurityViewer, generate a trustee report for a parent folder.

The Differences button shows how many differences exist in subfolders. Double-click an entry in the Differences window to see the trustees of that child object. I show you this in the following screen capture.

Comparing folder permissions

In the above figure, the parent folder AD-Scripts has tim and pat as trustees. However, the nestedtemplates subfolder has only tim. Problem solved!

Check G-TAC's order page for more details. FolderSecurityViewer provides administrators with a dead-simple NTFS permissions analysis and reporting tool. The learning curve is short, and the impact is potentially high enough for you to warrant the license cost.

This July, we asked for software tips from the 2017 Microsoft Office National Champions, a set of charming teens who are officially the best at using PowerPoint, Word, and Excel. The Verge recently followed these teens to the World Championship in California, where they tested their Office skills in a contest that out-nerds the spelling bee.

In order to provide industry-standard compliance with the SWIFT 2017 Standards MT release 2017, Microsoft is offering, to customer's with Software Assurance, updates to the flat-file (MT) messaging schemas used with the Microsoft BizTalk Accelerator for SWIFT. The A4SWIFT Message Pack 2017 contains the following: Re-packaging of all SWIFT FIN message types and business rules...

Independent rendering allows the browser to selectively offload graphics processing to an additional CPU thread, so they can be rendered with minimal impact to the user interface thread and the overall visible performance characteristics page, such as silk-smooth scrolling, responsive interactions, and fluid animations. This technique was pioneered in Internet Explorer 11, and is key

Azure Service Bus .NET Standard client is generally available. With it comes support for .NET Core and the .NET framework. And as mentioned in an earlier post it also supports Mono/Xamarin for cross-platform application development. This is only the start of greater things to come.

The Azure Service Bus team is extremely excited to announce general availability of our Java client library version 1.0.0. It allows customers to enjoy a solid Java experience with Azure Service Bus as it comes complete with native functionality.